VMSA-2019-0020:VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities

VMware Tanzu Application Service

0 more products

23565

10 November 2019

10 November 2019

CLOSED

MEDIUM

6.5

CVE-2018-12207,CVE-2019-11135

VMware Security Advisories

Advisory IDVMSA-2019-0020
Advisory SeverityModerate
CVSSv3 Range6.5
SynopsisVMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
Issue Date2019-11-12
Updated On2019-11-12 (Initial Advisory)
CVE(s)CVE-2018-12207, CVE-2019-11135
 
1. Impacted Products
  • VMware ESXi
  • VMware Workstation
  • VMware Fusion
 
2. Introduction
Vulnerabilities have been disclosed which affect Intel processors:
  • CVE-2018-12207 - Machine Check Error on Page Size Change (MCEPSC)
  • CVE-2019-11135 - TSX Asynchronous Abort (TAA)

VMware Hypervisor patches are available which provide mitigation options for both CVE-2018-12207 and CVE-2019-11135.

 
3a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207)

Description:

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

 

Known Attack Vectors:

A malicious actor with local access to execute code in a virtual machine may be able to trigger a purple diagnostic screen or immediate reboot of the Hypervisor hosting the virtual machine, resulting in a denial-of-service condition.

 

Resolution:

To mitigate CVE-2018-12207 please refer to the 'Response Matrix' below. First apply all patches listed in the 'Fixed Version' column and then follow the instructions found in the KB article in the 'Additional Documentation' column for your respective product.

 

Workarounds:

None.

 

Additional Documentation:

Because the mitigations for CVE-2018-12207 may have a performance impact they are not enabled by default. After applying all patches from the 'Fixed Version' column below mitigation can be enabled by following the instructions found in the KB article in the 'Additional Documentation' column for the product. Performance impact data found in KB76050 should be reviewed prior to enabling this mitigation.

 

Notes:

None.

 

Acknowledgements:

None.

 

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSV3SeverityFixed VersionWorkaroundsAdditional Documents
ESXi6.7AnyCVE-2018-122076.5ModerateESXi670-201911401-BG
ESXi670-201911402-BG
NoneKB59139
ESXi6.5AnyCVE-2018-122076.5ModerateESXi650-201911401-BG
ESXi650-201911402-BG
NoneKB59139
ESXi6.0AnyCVE-2018-122076.5ModerateESXi600-201911401-BG
ESXi600-201911402-BG
NoneKB59139
Workstation15.xAnyCVE-2018-12207N/AN/AUnaffectedN/AN/A
Fusion11.xAnyCVE-2018-12207N/AN/AUnaffectedN/AN/A
 
3b. Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) Speculative-Execution vulnerability (CVE-2019-11135)

Description:

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

 

Known Attack Vectors:

A malicious actor with local access to execute code in a virtual machine may be able to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself. This vulnerability is only applicable to Hypervisors utilizing 2nd Generation Intel® Xeon® Scalable Processors (formerly known as Cascade Lake) microarchitecture.

 

Resolution:

To mitigate CVE-2019-11135 apply all patches listed in the 'Fixed Version' column found in the 'Response Matrix' below.

 

Workarounds:

None.

 

Additional Documentation:

None.

 

Notes:

None.

 

Acknowledgements:

None.

 

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSV3SeverityFixed VersionWorkaroundsAdditional Documents
ESXi6.7AnyCVE-2019-111356.5ModerateESXi670-201911401-BG
ESXi670-201911402-BG
NoneNone
ESXi6.5AnyCVE-2019-111356.5ModerateESXi650-201911401-BG
ESXi650-201911402-BG
NoneNone
ESXi6.0AnyCVE-2019-111356.5ModerateESXi600-201911401-BG
ESXi600-201911402-BG
NoneNone
Workstation15.xAnyCVE-2019-111356.5Moderate15.5.1NoneNone
Fusion11.xAnyCVE-2019-111356.5Moderate11.5.1NoneNone
5. Change log
 

2019-11-12: VMSA-2019-0020 

Initial security advisory detailing Hypervisor-Specific Mitigations for CVE-2018-12207 and CVE-2019-11135 in VMware ESXi, Workstation, and Fusion.

 

6. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  [email protected]

  [email protected]

  [email protected]

 

E-mail: [email protected]

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2019 VMware Inc. All rights reserved.